cisco-sa-20030930-ssl

SSL Implementation Vulnerabilities

cisco-sa-20030930-ssl · Medium · Published 22 years ago · Updated 22 years ago

On September 30, 2003, new vulnerabilities in the OpenSSL implementation for SSL were announced. This is referred to as the "first" vulnerability in this document. On November 4, 2003, another vulnerability in the OpenSSL implementation for SSL, version 0.9.6, was announced. This is referred to as the "second" vulnerability in this document. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client. The network device may be vulnerable to this vulnerability even if it is configured to not authenticate certificates from the client. There are workarounds available to mitigate the effects of these vulnerabilities. This advisory will be posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030930-ssl.

Cisco advisory · CSAF JSON

Workarounds

No workaround information imported yet.

CVEs	CVE-2003-0543, CVE-2003-0544, CVE-2003-0545, CVE-2003-0851, CVE-2005-1247
Cisco Bug IDs	NA
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source	Cisco Application and Content Networking System (ACNS) Software, Cisco Content Services Switch (CSS), CiscoWorks Hosting Solution Engine (HSE), Cisco PIX Firewall Software, Cisco Secure Content Accelerator (SCA), Cisco Secure Policy Manager, Cisco WebNS, CiscoWorks Wireless LAN Solution Engine (WLSE), Cisco GSS Global Site Selector, Cisco Catalyst 6000 Network Analysis Module (NAM), Cisco Catalyst 6500 Network Analysis Module (NAM), Cisco Threat Response, Cisco SIP Proxy Server, Cisco 7600 Series Router Network Analysis Module (NAM)

Related Products

Product	CVE	Evidence
CiscoWorks Wireless LAN Solution Engine (WLSE)	CVE-2005-1247	Cisco OpenVuln
CiscoWorks Wireless LAN Solution Engine (WLSE)	CVE-2003-0851	Cisco OpenVuln
CiscoWorks Wireless LAN Solution Engine (WLSE)	CVE-2003-0545	Cisco OpenVuln
CiscoWorks Wireless LAN Solution Engine (WLSE)	CVE-2003-0544	Cisco OpenVuln
CiscoWorks Wireless LAN Solution Engine (WLSE)	CVE-2003-0543	Cisco OpenVuln
CiscoWorks Hosting Solution Engine (HSE)	CVE-2005-1247	Cisco OpenVuln
CiscoWorks Hosting Solution Engine (HSE)	CVE-2003-0851	Cisco OpenVuln
CiscoWorks Hosting Solution Engine (HSE)	CVE-2003-0545	Cisco OpenVuln
CiscoWorks Hosting Solution Engine (HSE)	CVE-2003-0544	Cisco OpenVuln
CiscoWorks Hosting Solution Engine (HSE)	CVE-2003-0543	Cisco OpenVuln
Cisco WebNS	CVE-2005-1247	Cisco OpenVuln
Cisco WebNS	CVE-2003-0851	Cisco OpenVuln
Cisco WebNS	CVE-2003-0545	Cisco OpenVuln
Cisco WebNS	CVE-2003-0544	Cisco OpenVuln
Cisco WebNS	CVE-2003-0543	Cisco OpenVuln
Cisco Threat Response	CVE-2005-1247	Cisco OpenVuln
Cisco Threat Response	CVE-2003-0851	Cisco OpenVuln
Cisco Threat Response	CVE-2003-0545	Cisco OpenVuln
Cisco Threat Response	CVE-2003-0544	Cisco OpenVuln
Cisco Threat Response	CVE-2003-0543	Cisco OpenVuln
Cisco Secure Policy Manager	CVE-2005-1247	Cisco OpenVuln
Cisco Secure Policy Manager	CVE-2003-0851	Cisco OpenVuln
Cisco Secure Policy Manager	CVE-2003-0545	Cisco OpenVuln
Cisco Secure Policy Manager	CVE-2003-0544	Cisco OpenVuln
Cisco Secure Policy Manager	CVE-2003-0543	Cisco OpenVuln
Cisco Secure Content Accelerator (SCA)	CVE-2005-1247	Cisco OpenVuln
Cisco Secure Content Accelerator (SCA)	CVE-2003-0851	Cisco OpenVuln
Cisco Secure Content Accelerator (SCA)	CVE-2003-0545	Cisco OpenVuln
Cisco Secure Content Accelerator (SCA)	CVE-2003-0544	Cisco OpenVuln
Cisco Secure Content Accelerator (SCA)	CVE-2003-0543	Cisco OpenVuln
Cisco SIP Proxy Server	CVE-2005-1247	Cisco OpenVuln
Cisco SIP Proxy Server	CVE-2003-0851	Cisco OpenVuln
Cisco SIP Proxy Server	CVE-2003-0545	Cisco OpenVuln
Cisco SIP Proxy Server	CVE-2003-0544	Cisco OpenVuln
Cisco SIP Proxy Server	CVE-2003-0543	Cisco OpenVuln
Cisco PIX Firewall Software	CVE-2005-1247	Cisco OpenVuln
Cisco PIX Firewall Software	CVE-2003-0851	Cisco OpenVuln
Cisco PIX Firewall Software	CVE-2003-0545	Cisco OpenVuln
Cisco PIX Firewall Software	CVE-2003-0544	Cisco OpenVuln
Cisco PIX Firewall Software	CVE-2003-0543	Cisco OpenVuln
Cisco PIX Firewall	CVE-2005-1247	Cisco OpenVuln
Cisco PIX Firewall	CVE-2003-0851	Cisco OpenVuln
Cisco PIX Firewall	CVE-2003-0545	Cisco OpenVuln
Cisco PIX Firewall	CVE-2003-0544	Cisco OpenVuln
Cisco PIX Firewall	CVE-2003-0543	Cisco OpenVuln
Cisco GSS Global Site Selector	CVE-2005-1247	Cisco OpenVuln
Cisco GSS Global Site Selector	CVE-2003-0851	Cisco OpenVuln
Cisco GSS Global Site Selector	CVE-2003-0545	Cisco OpenVuln
Cisco GSS Global Site Selector	CVE-2003-0544	Cisco OpenVuln
Cisco GSS Global Site Selector	CVE-2003-0543	Cisco OpenVuln
Cisco Content Services Switch (CSS)	CVE-2005-1247	Cisco OpenVuln
Cisco Content Services Switch (CSS)	CVE-2003-0851	Cisco OpenVuln
Cisco Content Services Switch (CSS)	CVE-2003-0545	Cisco OpenVuln
Cisco Content Services Switch (CSS)	CVE-2003-0544	Cisco OpenVuln
Cisco Content Services Switch (CSS)	CVE-2003-0543	Cisco OpenVuln
Cisco Catalyst 6500 Network Analysis Module (NAM)	CVE-2005-1247	Cisco OpenVuln
Cisco Catalyst 6500 Network Analysis Module (NAM)	CVE-2003-0851	Cisco OpenVuln
Cisco Catalyst 6500 Network Analysis Module (NAM)	CVE-2003-0545	Cisco OpenVuln
Cisco Catalyst 6500 Network Analysis Module (NAM)	CVE-2003-0544	Cisco OpenVuln
Cisco Catalyst 6500 Network Analysis Module (NAM)	CVE-2003-0543	Cisco OpenVuln
Cisco Catalyst 6000 Network Analysis Module (NAM)	CVE-2005-1247	Cisco OpenVuln
Cisco Catalyst 6000 Network Analysis Module (NAM)	CVE-2003-0851	Cisco OpenVuln
Cisco Catalyst 6000 Network Analysis Module (NAM)	CVE-2003-0545	Cisco OpenVuln
Cisco Catalyst 6000 Network Analysis Module (NAM)	CVE-2003-0544	Cisco OpenVuln
Cisco Catalyst 6000 Network Analysis Module (NAM)	CVE-2003-0543	Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software	CVE-2005-1247	Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software	CVE-2003-0851	Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software	CVE-2003-0545	Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software	CVE-2003-0544	Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software	CVE-2003-0543	Cisco OpenVuln
Cisco 7600 Series Router Network Analysis Module (NAM)	CVE-2005-1247	Cisco OpenVuln
Cisco 7600 Series Router Network Analysis Module (NAM)	CVE-2003-0851	Cisco OpenVuln
Cisco 7600 Series Router Network Analysis Module (NAM)	CVE-2003-0545	Cisco OpenVuln
Cisco 7600 Series Router Network Analysis Module (NAM)	CVE-2003-0544	Cisco OpenVuln
Cisco 7600 Series Router Network Analysis Module (NAM)	CVE-2003-0543	Cisco OpenVuln
Application and Content Networking System (ACNS) Software	CVE-2005-1247	Cisco OpenVuln
Application and Content Networking System (ACNS) Software	CVE-2003-0851	Cisco OpenVuln
Application and Content Networking System (ACNS) Software	CVE-2003-0545	Cisco OpenVuln
Application and Content Networking System (ACNS) Software	CVE-2003-0544	Cisco OpenVuln
Application and Content Networking System (ACNS) Software	CVE-2003-0543	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

SSL Implementation Vulnerabilities

Workarounds

Related Products